Secure the application serving environment. This information applies generally to all types of applications deployed in the environment.
Part of your security framework: WebSphere® Application Server plays an integral part of the multiple-tier enterprise computing framework. Based on open architecture, WebSphere Application Server provides many plug-in points to integrate with enterprise software components to provide end-to-end security.
Product security: Security infrastructure and mechanisms protect Java Platform, Enterprise Edition (Java EE) resources and administrative resources, addressing your enterprise security requirements.
Use the links provided in this topic to learn more about the security infrastructure.
Follow these shortcuts to get started quickly with popular tasks.
WebSphere Application Server supports the Java Platform, Enterprise Edition (Java EE) model for creating, assembling, securing, and deploying applications. Applications are often created, assembled, and deployed in different phases and by different teams.
You must address several issues prior to authenticating users, authorizing access to resources, securing applications, and securing communications. These security issues include migration, interoperability, and installation.
By default, all administrative and user applications in WebSphere Application Server use the global security configuration. For example, a user registry defined in global security is used to authenticate users for every application in the cell. Out-of-the-box, this behavior is the same as it was in previous releases of WebSphere Application Server. You can create additional WebSphere security domains if you want to specify different security attributes for some or all of your user applications. This section describes how to configure a security domain by using the administrative console.
The process of authenticating users involves a user registry and an authentication mechanism. Optionally, you can define trust between WebSphere Application Server and a proxy server, configure single sign-on capability, and specify how to propagate security attributes between application servers.
WebSphere Application Server provides many different methods for authorizing access to resources. For example, you can assign roles to users and configure a built-in or external authorization provider.
WebSphere Application Server provides several methods to secure communication between a server and a client.
WebSphere Application Server provides various plug points so that you can extend the security infrastructure. Extending this security infrastructure involves several activities, including developing custom user registries, developing applications that use programmatic security, and customizing web application login forms.
You can use the Auditing Facility to report and track auditable events to ensure the integrity of your system.
After installing WebSphere Application Server, there are several considerations for tuning, strengthening, and maintaining your security configuration.
The following topics help to troubleshoot specific problems that are related to configuring and enabling security configurations.
References in product information to app_server_root, profile_root, and other directories imply specific default directory locations. This topic describes the conventions in use for WebSphere Application Server.
This page provides a starting point for finding information about application clients and client applications. Application clients provide a framework on which application code runs, so that your client applications can access information on the application server.
This page provides a starting point for finding information about data access. Various enterprise information systems (EIS) use different methods for storing data. These backend data stores might be relational databases, procedural transaction programs, or object-oriented databases.
This page provides a starting point for finding information about enterprise beans.
This page provides a starting point for finding information about the use of asynchronous messaging resources for enterprise applications with WebSphere Application Server.
This page provides a starting point for finding information about resources that are used by applications that are deployed on a Java Enterprise Edition (Java EE)-compliant application server. They include:
This page provides a starting point for finding out how to secure OSGi applications.
This page provides a starting point for finding information about portlet applications, which are special reusable Java servlets that appear as defined regions on portal pages. Portlets provide access to many different applications, services, and web content.
This page provides a starting point for finding information about service integration.
This page provides a starting point for finding information about SIP applications, which are Java programs that use at least one Session Initiation Protocol (SIP) servlet written to the JSR 116 specification.
This page provides a starting point for finding information about web applications, which are comprised of one or more related files that you can manage as a unit, including:
This page provides a starting point for finding information about web services.